Tuesday, September 19, 2006

ping using netbios name from Linux box

I have a linux box in a LAN with almost other boxen are MS Windows ME/XP. This Linux box acts as a WINS server serving request from LAN for netbios information. I can get the name of pcs in my workgroup using smbclient -L mywinsserver but I didn't know the ip address of each client. I would like to ping the name of a client pc using netbios names. How to overcome this? I got this simple solution from the net. Put wins in /etc/nsswitch.conf like this:

hosts:          files dns wins

This line says, try looking in /etc/hosts files and then dns server and then wins server for the ip address of the name. This is only applicable if there is a WINS server in your network. If not, you're out of luck.

tips : to speed up netbios name resolution, try putting wins in the front like this

hosts:          wins files dns

I don't recommend this unless you access clients on your network frequently. Otherwise, the default should be enough.

Thursday, September 7, 2006

Samba explained

I'm done setting up samba server as instructed by my boss 2 weeks ago. The mystery of SAMBA have been revealed :). I never done this before. I mean I've never done setting up one for 'production' server. I learnt a lot from internet by googling and asking on a Linux forum to get hints. I wanna share a few tips here for us.

My setup
The first thing to configure is smb.conf. I use Slackware 10.2. This file is located in /etc/samba. For your distro, you should check in /etc or /etc/samba. This file is divided into 2 categories:

  1. global setting [global]
  2. share definitions (this is where you define your sharing directories)
Let's discuss them in turn

global setting[global]

workgroup - specify workgroup of your machine
server string - specify server string ie Samba server
security - specify your security here ie share or user. share is suitable for home use. user is more secure. You have to specify username and password when you want to connect to this samba server.
hosts allow - ie 192.168.0.0/24 or 10.0.0.0/16 , specify LAN clients allowed to connect. You may want to add localhost too ie 127.0.0.1
wins server - specify WINS server to be used by this samba server for faster NetBIOS name resolution ie 192.168.0.11

There are more directives to be set but I concentrate for simple setup only.

Share Definitions
Here you can specify what directory you want to make sharing. Look at this example:

[homes]
comment = Home Directories
browseable = No
writable = Yes

[public]
comment = For Public Consumption
path = /home/samba/public
public = Yes
writable = Yes
printable = No
writelist = @staff
browseable = Yes

[Finance]
comment = Finance's Stuff
path = /home/samba/finance
valid users = @finance
public = no
writable = no
printable = no
browseable = yes
write list = @finance
create mask = 0660
directory mask = 0770
force group = @finance

------
for [Homes], it is the home directory of the user if they logged in. browseable = No states that the directory is not browseable by other users or hidden. writable = yes states that the user is given read and write permissions.

for [public], the path for this folder is /home/samba/public. You have to make sure that this directory exist and make sure the permission is set as below:

drwxrwxr-x  root staff  /home/samba/public

this ensure that the staff group has write permission as stated by writelist = @staff. The other directives are self-explanatory.

For [finance], the path is /home/samba/finance and valid users = @finance states that only users in finance group can enter/access this directory and write list = @finance ensures that only users in finance group have read and write permissions. The "create mask" and "directory mask" ensure new and modified files and directories retain their correct permissions, and the "force group" causes all file read/writes to be the group finance regardless of what the user's primary group is, ensuring that all members can read/write/modify files. permissions. You should set the directory as :

drwxrwx---  root finance  /home/samba/finance

These are the tips that I got when I was setting up the samba server. I hope it can be useful to anyone who wanna setup a simple samba server in a LAN more secure by setting up the sharing directories correctly.

You can extend the above setup as you grasp the key concept above. The permissions of Linux directories should satisfy what you state in smb.conf or the other way around :). Otherwise it will make no sense.

Lastly, to restart the samba server , issue this command :

/etc/rc.d/rc.samba restart

or (if you use Fedora, Redhat or Mandriva)

service smbd restart

Have nice day!

Renew letsencrypt ssl certificate for zimbra 8.8.15

 Letsencrypt certs usually consists of these files: 1. cert.pem 2. chain.pem 3. fullchain.pem 4. privkey.pem I am not going to discuss about...